SMS Alert Order Notifications – WooCommerce
by WordPress
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-13553 | Cri | 0.64 | 9.8 | 0.01 | Apr 1, 2025 | The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground… | ||
| CVE-2024-11725 | Hig | 0.50 | 8.8 | 0.01 | Jan 7, 2025 | The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up to, and including,… | ||
| CVE-2024-10233 | Med | 0.42 | 6.4 | 0.00 | Oct 29, 2024 | The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_subscribe shortcode in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping on user supplied… | ||
| CVE-2024-1489 | Med | 0.28 | 4.3 | 0.00 | Mar 13, 2024 | The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for… |
- risk 0.64cvss 9.8epss 0.01
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground…
- risk 0.50cvss 8.8epss 0.01
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up to, and including,…
- risk 0.42cvss 6.4epss 0.00
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_subscribe shortcode in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping on user supplied…
- risk 0.28cvss 4.3epss 0.00
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for…